Job Detail

Business Information Security Officer


Job Description

The Singapore Business Information Security Officer (BISO) is accountable for all IS activities including but not limited to oversight the IS Risk Management to the Franchise and its processes and support ASL where needed. The BISO will support & work closely with Business, Operations & Technology teams, and the overall ISO community to oversee and monitor adherence with ASL IS Policy and Standards, manage risk and provide Business advise on Information Security.

Key Responsibilities

Focuses on Key BISO activities:

  • Ensure IS Risk assessments (ISRA) is conducted for Projects, Applications, and Third-Party Outsourcing arrangements in accordance to ASL Standards by partnering with Technology and the Business and determines the impact of control deficiencies.
  • Participate in industry forums and stay close to evolving regulations (MAS, CSA, FS-ISAC etc.) to provide subject matter expert feedback. And ensure new and updated information and cyber security regulations are assessed for impact in a timely manner by partnering within ISO community, Technology and Business.
  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with ASL standards.
  • Develops corrective action for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets ASL requirements or industry best practices.
  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools.
  • Support business on IS matters during audit reviews and regulatory inspections.
  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
  • Validate third party issues and ensure management’s awareness of the risk involved (TPISA)
  • Provide information and cyber security awareness training.
  • Provides periodic IS risk management reports in business language and to business, highlighting key issues and corrective action plans.
  • Lead the country Cyber exercise engagement along with the Cyber Exercise team and country business Subject Matter Experts (SME).
  • Ensures oversight and compliance to the IS program within the business, including programs, policies, and related reporting.


Acts as a Business Partner

  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards.
  • Communicates with the ISOs and business managers; escalates as appropriate.
  • Actively support and manage any regulatory engagement and other seniors, working in conjunction and advise of the global and regional teams.
  • Provides general IS consulting services including interpretation and/or clarification.
  • Participates in the IS community on committees and cross-business / functional opportunities.
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
  • Engages a Technical Information Security Officer (TISO), SME or another senior ISO where additional technical and/or Subject Matter knowledge is required.
  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements.
  • Plans and executes the IS strategy.
  • Articulates the value of IS controls and its bottom-line impact.
  • Partners with business coordinators in other disciplines, e.g., Business Continuity Management (BCM), Records Management, Fraud Management, etc.
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Work with the regulator, Association of Banks, Compliance, and other Financial Institutions as needed.
  • Support business to address instances of non-compliance in business processes/procedures, applications, and outsourcing.
  • Integrates IS in the day-to-day operations and culture of the business.
  • Exercises oversight of the IS programs within the business, including programs, policies, and related reporting.


Builds and maintains supportive networks with key stakeholders and colleagues

  • Communicates and interacts regularly with employees.
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies.
  • Participates in the IS community on committees and cross-business/functional opportunities.
  • Partners with application manager or TISO as needed to address specific technical needs or requirements.
  • Participate and where needed lead regional IS initiatives.
  • Assist business units in preparation of Audit Risk and Reviews, by identifying deficiencies against Information Security Standards, construction of remediation plans and adherence to issue management standards by way of ensuring that Corrective Action Plans and Risk Acceptances are in place, including ad-hoc IS Risk related initiatives and projects.
  • Communicate regularly with the Regional and Group Information Security Officer to implement global and regional IS initiatives within the business.

Job Requirement

Other Requirements

  • Excellent consulting and problem-solving/analytical skills.
  • Advanced presentation skills and program management.
  • Good business communication skills.
  • Team-player, proactive, assertive, service-oriented and has good people-skills.
  • Proven ability to manage multiple tasks and priorities.
  • Ability to manage tight time frames and communicate effectively with peers and management.
  • Flexibility to adapt to changing demands and priorities.

Education Qualifications 

  • Bachelor’s Degree in Engineering or Computers or Equivalent. 
  • 10+ Years of Experience in years of Information security experience in areas of security governance, risk management, application security design, security project management or security operation.
  • Professional Certifications CISSP, CISM, CISA, SANS, Cloud (at least 2 and willingness to continuously upskill)


Required Capability: 

  • Good understanding of Information Security control areas such as Authentication/Authorization, Access Controls, Entitlement, Cryptography, Encryption, Network, Application/System Security, Key Management. Vulnerability Management (OWASP, SANs)
  • Knowledge of SDLC, Agile/Iterative, DevOps/DevSecOps and integration with security assessment is required.
  • Excellent IS/IT Program or Project Management
  • Excellent Written and Verbal communication skills.
  • Exhibit Strong Influencing/negotiating skills with attention to details.
  • Ability to multi-task, prioritize and work with minimum supervision. 
  • Strong problem solving/analytical skills.  
  • Proficient in MS Office – Excel, Word, PowerPoint and other collaboration tools. 
  • Pro-active self-starter, demonstrates initiative and works independently with minimum supervision.

Full Name*
Email address*
Upload a different Resume (Your application will be submitted using this resume instead)
Choose a file
Only .pdf is allowed